On Sat, 22 Nov 2003, SN wrote: > > (The 1597 ports scanned but not shown below are in state: closed) > > Port State Service > > 6/tcp filtered unknown > > 25/tcp filtered smtp > > 80/tcp open http > > 135/tcp filtered loc-srv > > Okay the output here means, the firewall is blocking 6, 25,135, since they > show up here you didn't completely drop all packages, but only block them, > this is usually safe. > > 80 is completely open, if you run apache, then apache will be available from > outside
I don't run a web server, nor any other service. > > Host localhost (127.0.0.1) appears to be up ... good. > > Initiating Connect() Scan against localhost (127.0.0.1) at 14:54 > > Adding open port 10000/tcp > > Adding open port 6000/tcp > > The Connect() Scan took 0 seconds to scan 1623 ports. > > Interesting ports on localhost (127.0.0.1): > > (The 1621 ports scanned but not shown below are in state: closed) > > Port State Service > > 6000/tcp open X11 > > 10000/tcp open snet-sensor-mgmt > > > The reason why you get a completely different out put is, first of all, if > you scan localhost, then you scan only services that are bound to localhost. > Depends on your setup, just run nmap on your localbox but instead of > nmap --vv localhost specify your real IP of the interface that connects to > the internet. > > Also because shorewall is usually setup to block only traffic coming in from > the device that connects to the internet the output will look different. > Therefore the scan from outside is much more important. > > I tried nmap -vv <My IP> instead of "localhost" and the outcome is still OK. The explanation of Mike Williams must be right, and it is confirmed by the output of netstat. Thank you for your reply. -- Jorge Almeida -- [EMAIL PROTECTED] mailing list
